Facebook’s new requirement to have all tabs and apps working over HTTPS got my dev team working frantically on fixing all active apps.
One of the apps I manage is particularly interesting, because assets for the app are hosted on an Akamai server. Here’s how it is set up:
And when I try point Facebook tab to the secure version of the file that lives on Akamai, the page throws the “Access denied” error:
What’s the reason? Well, apparently Facebook iFrame apps/tabs request content via POST (as opposed to GET). On most servers this works fine by default. In a case of Akamai, POST requests have to be enabled or configured manually. Once POST requests are allowed, the page content will load fine.